Run terraform-zap to skip over ignored (likely protected) Terraform resources,
while destroying all other resources similarly to terraform destroy.
terraform must still be installed and residing within PATH, since
terraform-zap is just a binary wrapper over terraform.
Currently if any of the .tf files contain prevent_destroy = true for any of
the resources, terraform destroy will fail, with no flag provisioned to force
terraform to skip such resources.
This script wrapper helps to alleviate the issue by parsing .tfzignore file in
the current working directory, where the .tf files are residing in, to skip
over specified resource names, in a similar fashion to .gitignore.
exact = [
"postgresql_database.some_db_name",
"postgresql_role.some_role_name",
]If there are resources that exactly match the names above, these resources are
automatically skipped, solving the problem of having to type complicated
commands in order to skip the above resources to possibly resolve the
prevent_destroy = true issue, with just a terraform-zap command.
The easiest way is to run the install script using shell as shown below.
curl -sSf https://raw.githubusercontent.com/guangie88/terraform-zap/master/install-linux.sh | sudo shYou will need to run as root, or run via sudo, since the script will place
terraform-zap binary file into /usr/local/bin/.
You may also choose to visit releases and download the latest version of statically built binary in the zip asset.
You will first need to install cargo from https://rustup.rs/. The
installation process should be very straightforward for any major architecture
and operating system.
After which, run cargo install terraform-zap for the installation. This will
automatically fetch terraform-zap CLI application from
crates.io, compile and install into your Cargo
installation binary directory.
If terraform-zap was already installed, run cargo install -f terraform-zap
instead.
With .tfzignore file in place, simply run terraform-zap. You should see
mainly terraform destroy logs in place, but the ignored resources should now
no longer appear during the confirmation.
If previously there were resources
with prevent_destroy = true set, if these resources are correctly ignored,
the confirmation prompt should appear properly.
If you need to pass arguments to terraform destroy instead, use positional
arguments, for e.g.
terraform-zap -vvv -- -no-color -var "foo=bar"-vvv is passed into terraform-zap, while -no-color, -var and "foo=bar"
are passed into terraform destroy.
For more CLI argument details, type terraform-zap -h.
It is possible to allow terraform zap [...] to run terraform-zap [...], by
using a function that is exported on startup. This makes the external program
look like part of a terraform subcommand.
Note that this is purely cosmetic and optional.
Add the following bash function to the any of your startup script (e.g.
~/.bashrc), to allow the above
terraform() {
if [[ $1 == "zap" ]]; then
command terraform-zap "${@:2}"
else
command terraform "${@:1}"
fi
}Either restart the current terminal, or run source ~/.bashrc (if following
the example), and try terraform zap to check if the above function is working
as intended. Running in non-Terraform directory should result in
No state file was found! error message being shown, signifying that the
function is correctly set up.
Pull requests are welcome to facilitate improvements to the repository.
Thanks to @chrissng for providing the original
terraform destroy command that only targets non-protected resources. The
original command line is as follow:
TARGETS=$(for I in $(terraform state list | grep -v postgresql); \
do echo " -target $I"; done); \
echo terraform destroy $TARGETS
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent